As gov’t discusses expanding digital searches, ACLU sounds caution

Proposed changes not "minor"—"it is a major reorganization of judicial power."

Late last month, we reported on new federal efforts to gain an expanded ability to conduct “remote access” searches under a warrant against a target computer whose location is unknown or outside of a given judicial district. The government’s proposed revisions to criminal rules will be discussed at an upcoming Department of Justice (DOJ) meeting later this month in New Orleans.

Federal agents have been known to use such tactics in past and ongoing cases: a Colorado federal magistrate judge approved sending malware to a suspect’s known e-mail address in 2012. But similar techniques have been rejected by other judges on Fourth Amendment grounds. If this rule revision were to be approved, it would standardize and expand federal agents’ ability to surveil a suspect and to exfiltrate data from a target computer regardless of where it is.

On Monday, the American Civil Liberties Union (ACLU) published a 21-page memorandum with comments and recommendations to the DOJ. Specifically, the ACLU fears “jurisdictional overreach,” which under the new rules would allow a magistrate judge in any district to impose a “remote access search warrant” in any other district. The memo is authored by Nathan Freed Wessler, Chris Soghoian, Alex Abdo, and Rita Cant, who are attorneys and fellows at the ACLU.

“Unlike terrorism investigations (for which out-of-district search warrants are currently authorized, Fed. R. Crim. P. 41(b)(3)), remote searches of electronic storage media are likely to occur with great frequency. The proposed rule is not a minor procedural update; it is a major reorganization of judicial power.”

The ACLU also raised the troubling implications of granting a single warrant the power to conduct vast digital searches.

“Law enforcement agents may not, and in many cases will not, know ahead of time which cloud services a suspect uses, so warrants will be sought for authority to search any cloud storage service to which the computer is connected,” the memo adds. “Such authority has little analogue in the context of physical searches. It would be akin to a warrant authorizing the search of a particular house, and also any other building that can be accessed using keys found in the house. Without describing with particularity the places to be searched and demonstrating probable cause as to each one, remote access warrants will violate the Fourth Amendment.”

The organization applied similar logic to the use of zero-day exploits.

“Under the Fourth Amendment, use of zero-day exploits may constitute an unreasonable search. It is well established that some searches in the physical world are too intrusive, destructive, or dangerous to be reasonable,” the memo continues. “Surgically removing evidence from a suspect’s body, using a powerful motorized battering ram to break into a residence, and 'employ[ing] a flashbang device [to enter a house] with full knowledge that it will ‘likely’ ignite accelerants and cause a fire’ have all been ruled unreasonable under the Fourth Amendment. Zero-day exploits may well pose analogous concerns.”

Peter Carr, a DOJ spokesperson, declined to make any additional comments with respect to the ACLU’s new memo, referring Ars only to a five-page letter dated September 18, 2013. That letter, which Carr originally sent last month, was written by Mythili Raman, an acting assistant attorney general, to Judge Reena Raggi, a federal judge in Brooklyn who is the chair of the Advisory Committee on Criminal Rules.

Raman’s letter to the judge outlines the government’s case and its need to “better enable law enforcement to investigate and prosecute botnets and crimes involving Internet anonymizing technologies, both of which pose substantial threats to members of the public.”